Tech Shout!

Fortinet has announced that the Fortinet Global Security Research Team had played a crucial role in the discovery of the ‘Speech Control Memory Corruption Vulnerability,’ which is one of the latest critical vulnerabilities (CVE-2007-2222) detected in Microsoft. The flaw affects users of the Microsoft Speech software.

The two remote buffer overflow vulnerabilities exist in the “xvoice.dll” ActiveX component of Microsoft Speech version 4.0a, through which an attacker can actually execute arbitrary code on the affected system by exploiting either vulnerability. A s a result of which an attacker can take full control of a victim’s system.

Steve Fossen, manager of threat research at Fortinet said, “Anything that allows the execution of arbitrary code from a remote source leaves a user open to cyber attackers exploiting and capitalizing on the vulnerability.” Fossen added, “Users should always install all updates for the software they’re using and protect their connected computers with threat mitigation solutions; otherwise they’re donating their resources to the hackers and spammers of the world.”

An update issued by Microsoft on Tuesday has advised all Microsoft Speech users to immediately apply the update.